At 10:01 PM 10/4/2000 -0400, Kenneth E. Lussier wrote:
ah! i see the error in your ways.....(i think) :-)
did you search for openBSD? if so on a lot of postings they say - this
problem was fixed in openbsd 6 months ago...that could make them show up in
a search.....
look at this
http://www.openbsd.org/security.html#27
thats all the security listing for ver 2.7. a lot of things on that list
aren't installed by default....i'm not quite sure what they mean by
default.....you can DL and install the bare minimum and it totals ~50 megs.....
anyways look at this too..
http://www.openbsd.org/errata.html
hope that this helps...
~kurth
>I have a simple question. Several people today have mentioned that
>OpenBSD is more secure. I won't get into that. But, several people made
>the claim that there hasn't been a single remote exploit in OpenBSD in
>over three years. I've heard this claim a lot out of the OpenBSD folks.
with the default install - a lot of what you listed below is add on
software.....lets look at it...
>So, I was parusing Security Foucus, and I decided to do a little search
>for OpenBSD. Below are the results of that search. Three quarters of
>these are remote (and I'm not counting DoS). Am I missing something, or
>are the OpenBSD folks just not looking??
>
>Kenny
>
>
> 2000-10-04: Multiple Vendor BSD libutil pw_error() Format String
>Vulnerability
> 2000-10-04: Multiple Vendor BSD fstat Format String Vulnerability
> 2000-09-30: scp File Create/Overwrite Vulnerability
> 2000-09-26: Multiple Vendor lpr Format String Vulnerability
> 2000-09-17: OpenBSD "empty" AH/ESP Packet Remote Denial of Service
>Vulnerability
> 2000-08-25: Multiple Vendor mgetty Symbolic Link Traversal
>Vulnerability
> 2000-08-17: X-Chat Command Execution Via URLs Vulnerability
> 2000-08-15: xlockmore User Supplied Format String Vulnerability
> 2000-08-08: Multiple Vendor mopd User Inputted Data Used as Format
>String Vulnerability
> 2000-08-08: Multiple Vendor mopd Buffer Overflow Vulnerability
> 2000-07-11: BB4 Technologies Big Brother Directory Traversal
>Vulnerability
> 2000-07-09: LPRng Incorrect Installation Permissions Vulnerability
> 2000-07-05: Multiple Vendor ftpd setproctitle() Format String
>Vulnerability
> 2000-06-11: BB4 Big Brother CGI File Creation Vulnerability
> 2000-06-08: OpenSSH UseLogin Vulnerability
> 2000-06-01: Multiple Vendor *BSD Denial of Service Vulnerability
> 2000-05-29: Xlockmore 4.16 Buffer Overflow Vulnerability
> 2000-05-29: Multiple Vendor BSD Semaphore IPC Denial Of Service
>Vulnerability
> 2000-05-10: Matt Wright FormMail Environmental Variables Disclosure
>Vulnerability
> 2000-02-24: SSH client xauth Vulnerability
> 2000-01-21: Multiple Vendor BSD /proc File Sytem Vulnerability
> 2000-01-19: Multiple Vendor BSD make /tmp Race Condition Vulnerability
> 1999-09-05: Multiple Vendor setsockopt() Denial of Service
>Vulnerability
> 1999-08-09: Multiple Vendor profil(2) Vulnerability
> 1999-07-02: BSD UFS Secure Level 1 Vulnerability
> 1999-02-17: Multiple Vendor Lsof Buffer Overflow Vulnerability
> 1998-12-21: Multiple Vendor TCP/IP Implementations Vulnerability
> 1998-04-21: Multiple Vendor BNU uucpd Buffer Overflow Vulnerability
> 1997-09-01: Multiple Vendor vacation(1) Vulnerability
>
>**********************************************************
>To unsubscribe from this list, send mail to
>[EMAIL PROTECTED] with the following text in the
>*body* (*not* the subject line) of the letter:
>unsubscribe gnhlug
>**********************************************************
Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
[EMAIL PROTECTED]
http://www.usaexpress.net/kurth
ICQ - 6624050
Call Sign - N1TYW
PGP key available - http://www.usaexpress.net/kurth/pgp
Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net
(http://www.distributed.net)
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
